Active Directory LDAP

shane — Sat, 13 Jun 2009 20:07:21 +0000

Below are a series of tables that show a mapping of Active Directory attributes to there LDAP counter parts

AD User Attribute	LDAP Attribute
Name	cn
General
First name	givenName
Initials	initials
Last name	sn
Display name	displayName
Description	description
Office	physicalDeliveryOfficeName
Telephone number	telephoneNumber
Other Telephone numbers	otherTelephone
E-mail	mail
Web page	wWWHomePage
Other Web pages	url
Address
Street	streetAddress
P.O. Box	postOfficeBox
City	l
State/province	st
Zip/Postal Code	postalCode
Country/region	c, co, countryCode
Account
User logon name	userPrincipalName
pre-Windows 2000 logon name	sAMAccountName
Account disabled	userAccountControl
User must change password at next logon	pwdLastSet
Account expires end of (date)	accountExpires
Profile
User Profile path	profilePath
Logon script	scriptPath
Home folder, local path	homeDirectory
Home folder, Connect, Drive	homeDrive
Home folder, Connect, To:	homeDirectory
Telephones
Home	homePhone
Other Home phone numbers	otherHomePhone
Pager	pager
Mobile	mobile
Fax	facsimileTelephoneNumber
Notes	info
Organization
Title	title
Department	department
Company	company
Manager	manager

Object class “computer”

AD Computer Attribute	LDAP Attribute
Name	cn
Location	location
Description	description
Operating System Version	operatingSystem
OS Service Pack	operatingSystemServicePack
Group Membership	memberOf

Object class “group”

AD Group Attribute	LDAP Attribute
Name	cn
Member of Group	member
Description	description
Group Type (global/universal/security)	instanceType

Tags: Active Directory, LDAP, reference

VB Query Active Directory Objects

shane — Sat, 13 Jun 2009 19:56:58 +0000

In an Active Directory environment there is often a requirement to query objects within the AD database, either returning selected attribute values or using this information to for further queries.

The same principles apply across any object type, the script below connects via LDAP, performs a query and returns selected values from Active Directory.

The below script will query all objects in the OU MyServers and subtree, in the domain Domain.co.uk, of type computer, returning the attributes Name and Location.

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject(”ADODB.Connection”)
Set objCommand = CreateObject(”ADODB.Command”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = “Select Name, Location from ‘LDAP://OU=MyServers,DC=Domain,DC=co,DC=uk’ ” & “Where objectClass=’computer’”
objCommand.Properties(”Page Size”) = 1000
objCommand.Properties(”Searchscope”) = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

‘ Insert Operators here
objRecordSet.MoveNext

Loop

Once the query has been run the results can then be used for any requirement, a simple example below is to display the name of the computer followed by the Location attribute stored in AD.

……
Do Until objRecordSet.EOF

‘ Insert Operators here
Wscript.Echo “Computer Name: ” & objRecordSet.Fields(”Name”).Value
Wscript.Echo “Location: ” & objRecordSet.Fields(”Location”).Value

objRecordSet.MoveNext
Loop

Any attribute of the object can be displayed as long as it was requested in the initial query; Select Name, Location from…. , attribute names are LDAP attributes rather than field names seen in the Active Directory Users and Computers mmc. A list of attributes can be found here; Active Directory LDAP Attributes

One way to enhance this script further is for each computer selected perform a WMI query against it; VB WMI Query

Tags: Active Directory, LDAP, VB, Windows

Who... What... Where... » LDAP

Active Directory LDAP

VB Query Active Directory Objects